A blog about the art of cyber-jutsu: information security as a martial art.

Wednesday, January 25, 2012

Anonymous DDoS Attack: OpIreland

Last night, into early this morning, Anonymous hacktivists launched a successful DDoS (Distributed Denial of Service) attack against http://justice.ie, the website of the Department of Justice and Equality in Ireland, as a "warning shot across the bow" in response to an announcement that "the Irish government plans, before the end of January, to bring in a law which would allow Irish courts to block access to websites accused of infringing copyright...". (See http://www.tjmcintyre.com/2012/01/irelands-sopa-faq.html and search for the Twitter tag #OpIreland.)

These activities raise many questions about citizenship, the law, liberty on the Internet, intellectual property rights, civil disobedience, and more.

When you think about and research these operations, there are some things that you should keep in mind, not the least of which is that, according to information published by Anonymous, OpIreland was intentionally conducted "after business hours", when the website would be less critical for anyone seeking to use it. The goal was to raise awareness, and it seems they have succeeded in that.

Some will denounce these activities out of hand as illegal and wrong. They will attempt to say that support for these Anonymous Operations is taking a side against intellectual property rights. I'm not sure that is a fair assessment. There are already laws on the books which can be used to prosecute those who steal others' work. What is being attacked here is the notion that wide-sweeping new laws are required to combat online piracy. The danger is that these laws are so wide-sweeping that they will end up being used to censor law-abiding netizens and their online content.

In a perfect world, there would be no need to temporarily, forcibly, shut down a government website to direct attention at questionable legislation that, much like our own Patriot Act, is being pushed through the Irish legislature in a timeframe that will not allow proper analysis and debate. But it is clear that we live in a world that is far less than perfect.

As I write this, http://justice.ie is back online. The site was not damaged, and it was down for probably less than two hours as a result of the DDoS. The Anonymous threats are far more dangerous.

A message dropped onto Pastebin advised:

"If SOPA/PIPA/ACTA passes we will wage a relentless war against the corporate internet, destroying dozens upon dozens of government and company websites. As you are reading this we are amassing our allied armies of darkness, preparing boatloads of stolen booty for our next raid. We are sitting on hundreds of rooted servers"

This may seem like techno-babble to many of you - if that is the case, take my word, it is threatening.

If the Anonymous Hacktivists move into the above-noted phase of operations, I fear they will have gone too far. There is a difference between raising awareness through a more or less peaceful DDoS demonstration and cracking into accounts and distributing private bank account information. The DDoS operations can clearly be compared to a physical-world protest on a city street that would impede movement through the area for a time because so many people have flooded the street that there is no clear path for traffic to flow. Cracking into accounts and distributing bank account information is theft. One could argue, depending upon the owners of the bank accounts, that such operations would be akin to the illegal activities of Robin Hood, but they are clearly illegal nevertheless.

I have one last thing for you to consider about this most recent, and in fact all, hacktivist DDoS activities. I have heard folks say that because it takes a very large number of computer systems to pull off a DDoS, there is widespread and popular support for Anonymous. This simply isn't the case. If it were, the DDoS wouldn't be necessary to raise awareness. The reality is that the hacktivists who are actually "pulling the trigger" to execute the DDoS are what we refer to as "bot herders". These are people who have control of hundreds, thousands, and in some cases tens or hundreds of thousands of compromised home and business computers. When these computers are compromised, software is installed, "enlisting" these systems into a "bot army". The systems continue to function as normal, but they also wait and listen for the command to attack. When that attack command is received, it is often a simple command telling the system to repeatedly "ping" the target system. The target system is quickly overwhelmed by "ping" requests and can no longer respond to legitimate traffic. The site, in effect, is taken offline in this manner.
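From the defender's side, the "bot army" described above looks different from one noisy machine: each compromised system can stay under any per-source limit while the total still overwhelms the target. The following Python example is an added illustration, not part of the original post; the thresholds, addresses (documentation ranges) and traffic are constructed assumptions.

```python
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions, not recommended production values.
AGG_LIMIT = 100      # echo requests per second the target tolerates in total
PER_SRC_LIMIT = 20   # echo requests per second tolerated from a single source

def classify_windows(packets):
    """packets: iterable of (epoch_seconds, src_ip, icmp_type).
    Returns {second: (label, total_echo_requests, distinct_sources)}."""
    windows = defaultdict(Counter)
    for ts, src, icmp_type in packets:
        if icmp_type == 8:                     # 8 = ICMP echo request ("ping")
            windows[int(ts)][src] += 1
    result = {}
    for second, per_src in sorted(windows.items()):
        total = sum(per_src.values())
        noisy = [s for s, n in per_src.items() if n > PER_SRC_LIMIT]
        if total <= AGG_LIMIT:
            label = "normal"
        elif sum(per_src[s] for s in noisy) >= total / 2:
            label = "few-source flood"         # per-source rate limiting is enough
        else:
            label = "distributed flood"        # every sender is under the per-source limit
        result[second] = (label, total, len(per_src))
    return result

def build_sample():
    """Constructed traffic: three one-second windows as seen at the target."""
    pkts = []
    # second 0: ordinary monitoring pings from 3 hosts
    pkts += [(0.1 * i, f"192.0.2.{1 + i % 3}", 8) for i in range(9)]
    # second 1: one host sending 500 echo requests
    pkts += [(1 + i / 1000, "198.51.100.7", 8) for i in range(500)]
    # second 2: 200 hosts sending 5 echo requests each (the "bot army" case)
    pkts += [(2 + i / 2000, f"203.0.113.{i % 200 + 1}", 8) for i in range(1000)]
    # an echo reply (type 0) is not a ping request and is ignored
    pkts += [(2.5, "192.0.2.1", 0)]
    return pkts

if __name__ == "__main__":
    for second, row in classify_windows(build_sample()).items():
        print(second, *row)
```

In the third window no single address exceeds the per-source limit, which is why the response to a distributed flood is aggregate filtering or upstream scrubbing rather than blocking individual senders.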

Perhaps a more democratic way to implement a popularly supported DDoS protest campaign would be to invite folks to join the cause, rather than draft them into unknown participation. That would be better cyber-jutsu. ;)

About Me

I am a current and active Certified Information Systems Security Professional (CISSP), and have received a certificate for the SANS GIAC Reverse Engineering Malware (GREM) training.
As a high-school student in the mid 1980s, I was sysop and co-sysop of several Bulletin Board Systems (BBS) run on both IBM computers and Atari systems.
While in the USAF in the late 1980s, I was stationed at Yokota AFB, Japan for over 2 years. I was a tech-controller, and a volunteer for the Air Base Aggressor Team, which performed penetration tests against both the permanent station and deployed field units.
I furthered my education at Middlesex County College, in New Jersey, and the Rochester Institute of Technology (RIT).
For the past ten+ years, I have acted in an Information Security Consulting capacity for such large corporations as Xerox and GE, as well as numerous large hospitals and small businesses across these United States.
I am an active freelance writer and Information Security Consultant.
I own and operate CyberCede Corporation. You can find out more about CyberCede at http://www.cybercede.com